There are two ways a customer may authenticate themselves to a service. The first is IP authentication using Access Control Lists. A customer provides the IP or range of IP addresses that they will be sending traffic from to the provider. The second is the use of digest authentication challenges to SIP Requests.
When digest authentication is in place every SIP Invite will be challenged with a SIP `407 Authentication Required` response. The client then must send the Invite again with the proper credentials. Sinch Elastic SIP Trunking supports Digest Authentication in both directions.
Outbound Digest Auth
When you have configured a Credential List on your SIP Trunk the Sinch Elastic SIP Trunking platform will challenge all calls you send to it.
If both ACLs and Digest Authentication are configured on your SIP Trunk, then both will be enforced. Before placing a call, the client will need its IP Address added to the Access Control List and its username and password configured. If either of these are not done the call will be rejected.
Inbound Digest Auth
If you have configured a credential on your SIP Endpoint, then calls from that SIP Endpoint towards your SIP Infrastructure will be able to respond to any challenges it receives with the Username and Password configured in the credential.
Before you begin setting up your Sinch Elastic SIP trunk for Digest Authentication make sure you have done the following:
- Sign up for a free account at https://www.sinch.com/ and request access for Elastic SIP Trunking. Need help? Click here for instructions.
- If you have not already done so, configure and create your Elastic SIP trunk. Instructions on how to do this can be found here.
- Ensure you note the FQDN that was created on your SIP Trunk. You will need this while setting up your IP-PBX or SIP Application.
Configuring Your Credentials
Log into the Sinch Customer Dashboard and navigate to Credential Lists underneath the Elastic SIP Trunking sub menu option:
Click CREATE NEW CREDENTIAL LIST.
The Create new Credential List dialog is displayed:
This allows you to create the list as well as the first entry. Credential Lists may contain many Username/Password credentials. When the list is assigned to a SIP Trunk, any credential found in the list may be used to authenticate calls.
Enter a friendly name for the Credential List and create your first credential by supplying a Username and Password. Click CREATE.
You may now select the Credential List name to be brought to its configuration page. Here you can add new credentials, change the name of the Credential List, change the password for a credential, or remove a credential entirely.
Finally, you must assign the credential list to the SIP Trunk. This is done in two ways, depending on whether you want to Digest Authentication used for Inbound or Outbound calling.
Configuring Outbound Digest Authentication
To enable your SIP Trunk to challenge all Invites sent to it navigate to your SIP Trunk’s configuration page and add your new credential list underneath the Outbound Call Settings. Save your changes and the configuration for Outbound Digest Authentication is complete.
Configuring Inbound Digest Authentication
To configure your SIP Endpoint with the ability to respond to any authentication challenges it receives you will need to configure a credential on it.
To do this navigate to the SIP Endpoint and click the drop-down list marked Credential. Here you will assign a single credential which will be used to authenticate the call when your SIP device or application send a challenge in response to an Invite.
Congratulations, your Elastic SIP trunk should now be operational and ready for traffic. Configure your PBX or application with your Digest Authentication credentials and give it a try!
